linux/security
Casey Schaufler 677264e8fb Smack: network label match fix
The Smack code that matches incoming CIPSO tags with Smack labels
reaches through the NetLabel interfaces and compares the network
data with the CIPSO header associated with a Smack label. This was
done in a ill advised attempt to optimize performance. It works
so long as the categories fit in a single capset, but this isn't
always the case.

This patch changes the Smack code to use the appropriate NetLabel
interfaces to compare the incoming CIPSO header with the CIPSO
header associated with a label. It will always match the CIPSO
headers correctly.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2013-08-01 20:04:02 -07:00
..
apparmor apparmor: no need to delay vfree() 2013-05-12 21:31:02 +10:00
integrity Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-07-03 14:04:58 -07:00
keys aio: don't include aio.h in sched.h 2013-05-07 20:16:25 -07:00
selinux Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-07-09 18:24:39 -07:00
smack Smack: network label match fix 2013-08-01 20:04:02 -07:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c Merge branch 'for-3.11' of git://linux-nfs.org/~bfields/linux 2013-07-11 10:17:13 -07:00
commoncap.c kill f_vfsmnt 2013-02-26 02:46:10 -05:00
device_cgroup.c device_cgroup: simplify cgroup tree walk in propagate_exception() 2013-05-24 10:55:38 +09:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c LSM: BUILD_BUG_ON if the common_audit_data union ever grows 2012-04-09 12:23:03 -04:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c NFS: Extend NFS xattr handlers to accept the security namespace 2013-06-08 16:20:17 -04:00